<?php
//require 'core.inc.php';

//echo $current_file;


if ( isset($_POST['username'])&&isset($_POST['password'])) {
	$emailaddr = $_POST['username'];
	$password = $_POST['password'];
	
	$password_hash = md5($password);
	
	if ( !empty($emailaddr)&&!empty($password) )
	{
					
		$query = "SELECT `id`, `firstname`, `lastname` FROM `users` WHERE `emailaddress`='$emailaddr' AND `password`='$password_hash'";
		if ($query_run = mysql_query($query)) 
		{
			$query_num_rows = mysql_num_rows($query_run);
			
			if ($query_num_rows==0)
			{
				echo 'Invalid Email/Password Combination.';
			}
			else if ($query_num_rows==1)
			{
				$firstname = mysql_result($query_run, 0, 'firstname');
				//echo 'Welcome '.$firstname.'!';
				$_SESSION['user_id'] = mysql_result($query_run, 0, 'id');
				$_SESSION['firstname'] = $firstname;
				//echo $_SESSION['user_id'];
				header('Location: myfirstfile.php');
			}
			else
			{
				echo 'More than 1 row returned!';
			}
		}
		else
		{
			echo 'Invalid Query.';
		}
		
	}else{
		echo 'You must supply a username and password.';
	}
	}
?>
<form action="<?php echo $current_file; ?>" method="POST">
Username: <input type="text" name="username"> Password: <input type="password" name="password">
<input type = "submit" value="Log In">
</form>
<form action="register.php" method="POST">
<input type = "submit" value="Register">
</form>
